PT-2014-1815 · Red Hat+3 · File+4

Published

2014-03-06

Updated

2024-06-15

CVE-2014-2270

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions file versions prior to 5.17

Description The issue allows context-dependent attackers to cause a denial of service via crafted offsets in the softmagic of a PE executable, leading to out-of-bounds memory access and crash. Multiple vulnerabilities in the file package of Red Hat Enterprise Linux can be exploited remotely, potentially disrupting the availability of protected information.

Recommendations For versions prior to 5.17, update to version 5.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the softmagic component of PE executables until a patch is available. Avoid using crafted offsets in the softmagic of PE executables to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2021-2505

ALT-PU-2023-1892

BDU:2015-06092

BDU:2015-06093

BDU:2015-06094

BDU:2015-06095

BDU:2015-06096

CESA-2014_1012

CESA-2014_1606

CVE-2014-2270

DLA-145-1

DSA-2873-1

DSA-2943-1

MGASA-2014-0123

MGASA-2014-0162

MGASA-2014-0163

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

RHSA-2014:1012

RHSA-2014:1606

RHSA-2014:1765

RHSA-2014_1012

RHSA-2014_1606

SUSE-SU-2014_0670-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

File

PT-2014-1815 · Red Hat+3 · File+4

CVE-2014-2270

Weakness Enumeration

Related Identifiers

Affected Products

References · 123